refactor: user role

apps/models_provider/serializers/model_serializer.py

@@ -6,11 +6,14 @@ import time
 from typing import Dict
 
 import uuid_utils.compat as uuid
+from django.core.cache import cache
 from django.db.models import QuerySet
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
 from common.config.embedding_config import ModelManage
+from common.constants.cache_version import Cache_Version
+from common.constants.permission_constants import ResourcePermission, ResourceAuthType
 from common.database_model_manage.database_model_manage import DatabaseModelManage
 from common.db.search import native_search
 from common.exception.app_exception import AppApiException
@@ -21,7 +24,7 @@ from models_provider.base_model_provider import ValidCode, DownModelChunkStatus
 from models_provider.constants.model_provider_constants import ModelProvideConstants
 from models_provider.models import Model, Status
 from models_provider.tools import get_model_credential
-from system_manage.models import WorkspaceUserResourcePermission
+from system_manage.models import WorkspaceUserResourcePermission, AuthTargetType
 from users.serializers.user import is_workspace_manage
 
 
@@ -318,6 +321,19 @@ class ModelSerializer(serializers.Serializer):
             model = Model(**model_data)
             try:
                 model.save()
+                # 自动授权给创建者
+                WorkspaceUserResourcePermission(
+                    target=model.id,
+                    auth_target_type=AuthTargetType.MODEL,
+                    permission_list=[ResourcePermission.VIEW, ResourcePermission.MANAGE],
+                    workspace_id=workspace_id,
+                    user_id=self.data.get('user_id'),
+                    auth_type=ResourceAuthType.RESOURCE_PERMISSION_GROUP
+                ).save()
+                # 刷新缓存
+                version = Cache_Version.PERMISSION_LIST.get_version()
+                key = Cache_Version.PERMISSION_LIST.get_key(user_id=self.data.get('user_id'))
+                cache.delete(key, version=version)
             except Exception as save_error:
                 # 可添加日志记录
                 raise AppApiException(500, _("Model saving failed")) from save_error

apps/users/serializers/user.py

@@ -222,6 +222,9 @@ class UserManageSerializer(serializers.Serializer):
                                  post_records_handler=lambda u: UserInstanceSerializer(u).data)
             role_model = DatabaseModelManage.get_model("role_model")
             user_role_relation_model = DatabaseModelManage.get_model("workspace_user_role_mapping")
+            workspace_model = DatabaseModelManage.get_model("workspace_model")
+            workspace_mapping = {str(workspace_model.id): workspace_model.name for workspace_model in
+                                 workspace_model.objects.all()}
 
             def _get_user_roles(user_ids):
                 if not (role_model and user_role_relation_model):
@@ -237,17 +240,23 @@ class UserManageSerializer(serializers.Serializer):
                 )
 
                 # 构建用户ID到角色名称列表的映射
-                user_role_mapping = defaultdict(list)
+                user_role_mapping = defaultdict(set)  # 使用 set 去重
                 # 构建用户ID到角色ID与工作空间ID映射
                 user_role_setting_mapping = defaultdict(lambda: defaultdict(list))
+                user_role_workspace_mapping = defaultdict(lambda: defaultdict(list))
 
                 for relation in user_role_relations:
                     user_id = str(relation.user_id)
                     role_id = relation.role_id
                     workspace_id = relation.workspace_id
 
-                    user_role_mapping[user_id].append(relation.role.role_name)
+                    user_role_mapping[user_id].add(relation.role.role_name)
                     user_role_setting_mapping[user_id][role_id].append(workspace_id)
+                    user_role_workspace_mapping[user_id][relation.role.role_name].append(
+                        workspace_mapping.get(workspace_id, workspace_id))
+
+                    # 将 set 转换为 list 以符合返回格式
+                user_role_mapping = {uid: list(roles) for uid, roles in user_role_mapping.items()}
 
                 # 转换为所需的结构
                 result_user_role_setting_mapping = {
@@ -255,18 +264,24 @@ class UserManageSerializer(serializers.Serializer):
                               for role_id, workspace_ids in roles.items()]
                     for user_id, roles in user_role_setting_mapping.items()
                 }
+                result_user_role_workspace_mapping = {
+                    user_id: {role_name: workspace_names
+                              for role_name, workspace_names in roles.items()}
+                    for user_id, roles in user_role_workspace_mapping.items()
+                }
 
-                return user_role_mapping, result_user_role_setting_mapping
+                return user_role_mapping, result_user_role_setting_mapping, result_user_role_workspace_mapping
 
             if role_model and user_role_relation_model:
                 user_ids = [user['id'] for user in result['records']]
-                user_role_mapping, user_role_setting_mapping = _get_user_roles(user_ids)
+                user_role_mapping, user_role_setting_mapping, user_role_workspace_mapping = _get_user_roles(user_ids)
 
                 # 将角色信息添加回用户数据中
                 for user in result['records']:
                     user_id = str(user['id'])
                     user['role_name'] = user_role_mapping.get(user_id, [])
                     user['role_setting'] = user_role_setting_mapping.get(user_id, [])
+                    user['role_workspace'] = user_role_workspace_mapping.get(user_id, [])
             return result
 
     @transaction.atomic